Add content security policy to ensure mistakes or exploits never lead to third party connections from the page

author: James Taylor <user234683@users.noreply.github.com> 2019-07-26 13:09:41 -0700
committer: James Taylor <user234683@users.noreply.github.com> 2019-07-26 13:09:41 -0700
commit: 4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973 (patch)
tree: 4996877d21875fe93c498202add8bcafd71a4e5a /youtube/templates
parent: 10f1d7945ea5b87069dd2086defbad9277789227 (diff)
download: yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.tar.lz
yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.tar.xz
yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/youtube/templates/base.html b/youtube/templates/base.html
index 3dda55d..fae7d13 100644
--- a/youtube/templates/base.html
+++ b/youtube/templates/base.html
@@ -3,6 +3,7 @@
     <head>
         <meta charset="utf-8">
         <title>{{ page_title }}</title>
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; script-src 'none'; media-src https://*.googlevideo.com">
         <link href="/youtube.com/static/shared.css" type="text/css" rel="stylesheet">
         <link href="/youtube.com/static/comments.css" type="text/css" rel="stylesheet">
         <link href="/youtube.com/static/favicon.ico" type="image/x-icon" rel="icon">
author	James Taylor <user234683@users.noreply.github.com>	2019-07-26 13:09:41 -0700
committer	James Taylor <user234683@users.noreply.github.com>	2019-07-26 13:09:41 -0700
commit	4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973 (patch)
tree	4996877d21875fe93c498202add8bcafd71a4e5a /youtube/templates
parent	10f1d7945ea5b87069dd2086defbad9277789227 (diff)
download	yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.tar.lz yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.tar.xz yt-local-4c9ecc9a18ca9c9e7b444edc2e265d6d1b2e9973.zip